GoldenEye Ransomware

The authors of Petya Ransomware and Mischa Ransomware have returned with a new file-encrypting threat, GoldenEye Ransomware. It does not differ much from these older infections, so it may well be the same malware under a new name. Just like Petya and Mischa, it secretly enters computers and then encrypts the user’s personal data, including pictures, archives, documents, etc. Unlike other ransomware infections prevalent these days, it also modifies the Master Boot Record (MBR) so that users cannot use their computers. This makes it a threat that is extremely hard to delete. No matter how difficult it is to delete this ransomware, you should get rid of it right now. To do that, you will first have to fix the changes applied to the Master Boot Record. Then, you will have to take care of the actual ransomware infection.

There is no doubt that GoldenEye Ransomware enters computers without permission. This happens when users open the malicious file they find in a spam email. Once this ransomware infection is inside the computer, it drops an executable file, eventcreate.exe, in C:\Users\user\AppData\Roaming\{7fa31851-bd45-4c76-9fa0-d5c5b337c059}. Then, it starts encrypting files on the computer and modifies the MBR of the user’s hard drive. After GoldenEye Ransomware finishes encrypting the personal data stored on the computer, it also drops a ransom note in .txt format (YOUR_FILES_ARE_ENCRYPTED.TXT). Its first sentence informs users that they have become victims of GoldenEye Ransomware, whereas the second one tells them that their files have been encrypted with a strong encryption algorithm and that it is impossible to recover the data without the special key. Of course, this key can be purchased from cyber criminals. To find out how to do that, users are instructed to get the Tor Browser, open one of the provided .onion links, and then enter the personal decryption code provided in the ransom note. We can assure you that you will be asked to buy Bitcoins (a digital currency) and then send them to cyber criminals. The decryption key will not be cheap, and, unfortunately, nobody knows whether it will be sent to you after you make a payment. Therefore, you should think twice before transferring money to cyber criminals. Users who decide not to pay can try to restore the encrypted data using a free data recovery tool after fixing the MBR and deleting GoldenEye Ransomware fully. If none of the tools work, you should know that you can recover the encrypted data from a backup. This will work only if the backup was created before this infection entered the computer.
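Because an infected machine may not boot until the MBR is repaired, the two file artifacts named above can be looked for with the disk mounted on a clean system. The following is an added example, not code from pcthreat.com: a Python sketch that walks a mounted volume for the ransom note and for an eventcreate.exe copy sitting in a GUID-named folder under AppData\Roaming. It assumes the GUID folder name may vary between infections; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the article text.
DROPPED_EXE = "eventcreate.exe"
RANSOM_NOTE = "YOUR_FILES_ARE_ENCRYPTED.TXT"
# Assumption: the GUID folder name may differ per infection, so match any GUID.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def scan_volume(root):
    """Walk a mounted Windows volume and return sorted (kind, path) findings."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        parents = [p.lower() for p in path.parts[:-1]]
        if name == RANSOM_NOTE.lower():
            findings.append(("ransom_note", path))
        elif name == DROPPED_EXE:
            # The genuine Windows tool lives in System32; only a copy inside
            # AppData\Roaming\{GUID}\ matches the drop location described above.
            in_guid_dir = GUID_DIR.match(path.parent.name) is not None
            in_roaming = parents[-3:-1] == ["appdata", "roaming"]
            if in_guid_dir and in_roaming:
                findings.append(("dropped_exe", path))
    return sorted(findings, key=lambda f: str(f[1]))


def build_sample(root):
    """Constructed sample tree standing in for a mounted volume (not real data)."""
    root = Path(root)
    roaming = root / "Users" / "user" / "AppData" / "Roaming"
    drop = roaming / "{7fa31851-bd45-4c76-9fa0-d5c5b337c059}"
    legit = root / "Windows" / "System32"
    docs = root / "Users" / "user" / "Documents"
    for folder in (drop, legit, docs):
        folder.mkdir(parents=True)
    (drop / DROPPED_EXE).write_bytes(b"constructed placeholder")
    (legit / DROPPED_EXE).write_bytes(b"constructed placeholder")
    (docs / RANSOM_NOTE).write_text("constructed placeholder")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in scan_volume(build_sample(tmp)):
            print(kind, path)
```

A hit only points to files worth examining; the System32 copy of eventcreate.exe is deliberately not reported.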

Even though GoldenEye Ransomware is a new ransomware infection, it is very similar to these older infections in the sense that it also encrypts files with the intention of extorting money from users. It is also distributed exactly like these older computer infections. It has been found that the malicious file installing GoldenEye Ransomware is usually spread as a spam email attachment. These emails are targeting users living in Germany, but the situation might completely change in the near future, so users have to be careful no matter where they live. First of all, users should not open emails that have been placed in the spam folder, especially if the sender is unknown or they are not expecting any email. On top of that, users should never open attachments, even if they do not look harmful at all, because they might install malicious software. In the case of GoldenEye Ransomware, it is very likely that this ransomware infection has been installed on the computer because a user has opened an .xls file (a file format used by Excel) from a spam email. We do not blame you if you have done that too because this file really looks harmless.

The first thing you need to do to delete GoldenEye Ransomware from your computer is fix the Master Boot Record. If you do not do that, Windows cannot load, and thus you cannot access your Desktop. After you fix the MBR, delete the malicious file of the ransomware infection. Instructions prepared by specialists at pcthreat.com will help you; however, this does not mean that your files will be unlocked when you delete this computer infection.

How to remove GoldenEye Ransomware manually

Fix the Master Boot Record (MBR)

Windows XP

Insert the Windows XP CD and then press R.

Type 1 and press Enter when you see "Which Windows installation would you like to log into".